Documents Show Errors in TSA's "No Fly" and "Selectee" Watch
Lists

Background

The Transportation Security Administration (TSA), which is now part of the
Department of Homeland Security, is authorized by law to maintain watch
lists of names of individuals suspected of posing "a risk of air piracy or
terrorism or a threat to airline or passenger safety." While
initially denying to the media that such a list existed, the TSA finally
acknowledged its existence in October 2002.

EPIC submitted a Freedom of Information Act request in October 2002 to learn
more about the operation of the watch lists, which reportedly had been used
to interfere with the travel of political activists. When the TSA failed
to respond to EPIC's request, EPIC filed suit in December 2002. (EPIC
v. TSA).
The lawsuit sought, among other things, TSA's criteria for putting people
on the lists that bar some passengers from
flying and subject others to extensive scrutiny, and complaints from passengers
who felt they had been mistakenly placed on the lists. See TSA
FOIA response (pdf) for more information.

TSA released documents in response to EPIC's request April 2003. The documents,
while heavily redacted, provide give an insight into how the TSA operates
the watch lists, and raises several questions for further public and Congressional
oversight.

In recent months, EPIC has continued to pursue FOIA requests to learn more
about the operation of the watch lists.

The documents establish that the TSA administers two lists: a "no fly" list
and a "selectee" list, which requires the passenger to go through additional
security measures. The names are provided to air carriers through Security
Directives or Emergency Amendments and are stored in their computer systems
so that an individual with a name that matches the list can be flagged when
getting a boarding pass. A "no fly" match requires the agent to call a law
enforcement officer to detain and question the passenger. In the case of
a Selectee, an "S" or
special mark is printed on their boarding pass and the person receives additional
screening at security. The TSA has withheld the number of names on each of
the lists.

The watch list was created in 1990, with a list of individuals who have
been "determined to pose a direct threat to U.S. civil aviation." This list
was administered by the FBI before the Federal Aviation Administration and
the TSA assumed full administrative responsibility in November
2001. The Transportation Security Intelligence Service (TSIS) currently serves
as the clearinghouse for the addition of names to the lists. Since the TSA
took over, the watch list "has expanded almost daily as Intelligence Community
agencies and the Office of Homeland Security continue to request the addition
of individuals to the No-Fly and Selectee lists." (TSA
Watchlists memo)
The names are approved for inclusion on the basis of a secret criteria. The
Watchlists memo notes that "all individuals have been added or removed ...
based on the request of and information provided, almost exclusively by [redacted]."

There are two primary principles that guide the placement on the lists,
but these principles have been withheld. The documents do not show whether
there is a formal approval process where an independent third party entity
is charged with verifying that the names are selected appropriately and that
the information is accurate. Furthermore there is no reference to compliance
with the Privacy Act of 1974, which imposes certain record keeping obligations
on the agency.

It appears from the 2002 FOIA documents obtained by
EPIC that TSA directed individuals to their
local FBI offices to clear their names. More recent documents obtained in
2005 show that an ombudspersom within TSA is responsible for handling requests
to be removed from the lists.

EPIC has also obtained more than a hundred
complaints filed by irate passengers who felt they had been incorrectly
identified for additional security or were denied boarding. The complaints
describe the bureaucratic maze passengers find themselves in if they happen
to be mistaken for individuals on the lists. In one case the TSA notified
a passenger that airlines are responsible for administering the first generation
Computer Assisted Passenger Pre-Screening System that flagged the individual
as a risk for additional screening and directed the passenger to contact
the airline. In an another case an airline said that the CAPPS program is
run by the government, and complaints should be directed to the TSA. A local
FBI office in New Jersey, at the behest of Congressman Bill Pascrell, wrote (pdf)
to the TSA in August 2002 to ask it to take a woman off the list who was
being flagged because of her name's similarity to a wanted Australian man.
In an email dated July 2002, an FBI counter-terrorism officer acknowledged
that different airlines have different procedures when the passenger's name
is a similar to one on the list. The litany of problems is long, but all
point to a lack of transparency and due process in the operation of the watch
lists.

Policy Implications

As the TSA contemplates ever more intrusive passenger profiling schemes,
the agency documents uncovered through EPIC's FOIA work raise important
questions about how the TSA currently operates. The concerns surrounding
the agency's administration of the watch lists preview several potential
problems with the proposed roll out of passenger prescreening systems such
as Secure Flight. The TSA should provide answers to the following questions:

How many people are on the "no fly" and "selectee" lists? How many
are American citizens or legal permanent residents?

Who is responsible for oversight of the list? Who verifies that the
names are selected appropriately and whether the information accurate?

How does the operation of the watch lists comply with the Privacy Act
of 1974?

How effective have the watch lists been?

How can individuals who have been misidentified as watch list matches
clear their names?

Why is there a need for a new passenger prescreening program if intelligence
agencies are already coordinating to ensure that certain high risk individuals
on government watch lists do not board planes?